Security

last person joined: 5 hours ago 

Enterprise security using ClearPass Policy Management, ClearPass Security Exchange, IntroSpect, VIA, 360 Security Exchange, Extensions and Policy Enforcement Firewall (PEF).
Expand all | Collapse all

Apple OSX El Capitan Prompting to Trust Certificate repeatedly

  • 1.  Apple OSX El Capitan Prompting to Trust Certificate repeatedly

    Posted May 10, 2016 09:35 PM

    Hello all,

     

    First time posting here, but I've encountered a problem that I can't find anywhere else out there.  So it would seem to be unique to my instance, but I'm still hoping someone may have some insight.

     

    Essentially, when users connect from a Mac running El Capitan (10.11), the first time they connect, they are prompted to trust the certificate.  Obviously, this is normal behaviour, they click trust and it puts it into the certificate chain.

     

    However, every time they connect, they still receive the message to check the certificate and to continue. While it doesn't prevent them from connecting, it is an extra step that has become quite annoying to our users.  It doesn't impact mobiles or windows devices, just the Mac's running the latest OS.

     

    Our certificate has been loaded both as just the leaf as well as the full chain.  The root certificate is in the normal OSX System Roots already as well.

     

    One thing we believe may be related is that we use a CN common across all of our clearpass devices, with SAN that has the more specific information for each of the boxes.  Example: CN = clearpass.domain with SAN = site1-clearpass.domain.

     

    Any thoughts or recommendations would be appreciated.  Another note is that we are using EV certificates and while we don't believe this should have any impact, we would appreciate knowing if anyone else is using an EV cert without any issues.

     

    Regards,

     

    Kevin



  • 2.  RE: Apple OSX El Capitan Prompting to Trust Certificate repeatedly

    Posted May 10, 2016 09:39 PM
    If you manually change the cert to full trust in keychain, does the problem go away? 


  • 3.  RE: Apple OSX El Capitan Prompting to Trust Certificate repeatedly

    Posted May 10, 2016 09:49 PM

    Unfortunately, no. I've set the cert, the intermediate and the root all to fully trusted for all things and it still doesn't go away.